210 likes | 220 Vues
Explore the OIT Unified SDLC, project initiation steps, and SaaS implementation strategies at UCI with OIT as your trusted technology partner. Learn about vendor selection, project planning, SLAs, data management, and technology assessments.
E N D
Before You Build or Buy Eric Taggart OIT Enterprise Application Systems
OIT Unified SDLC Systems Development Life Cycle The (IT) Circle of Life • Define Problem • Gather Requirements • Select/Design Solution • Development/Implementation • Test • Deploy • Support/Maintain Upgrade/Enhance (repeat the cycle) https://wiki.oit.uci.edu/display/public/OIT+Unified+SDLC
The First 55 Minutes • Project Request • Clearly state the problem to be solved or the context for the opportunity to be leveraged • Identify the primary sponsor, key stakeholders and project manager (who leads the project) • Indicate how a solution will be determined and selected • Approval initiates the search for a solution (may include an RFI or RFP process) • Project Proposal • Propose how the problem will be solved (build, buy or rent) • Describe the business case, impacts/dependencies, alternatives considered, high-level estimated cost/timeline • Approval initiates detailed planning to develop a Project Charter • Project Charter • Define more precisely what’s to be done, by whom, by when and for how much • Identifies key project deliverables and methodologies/processes to be followed • Leads to a detailed Project Plan for review/approval then execution
Software as a Service (SaaS) • Existing Services or New Services • Vendor hosted vs Cloud services • Pure SaaS vs Hybrid SaaS • Who owns and operates the software • SaaS ≠ No IT SaaS = Different IT • It’s still the University’s business and data - has to be protected and secured • Implementation focus on adapting business processes to meet SaaS offering • Requires integrations with other solutions: identity/authentication, personnel, finance, other ERP systems • Integrations can be used to address requirement gaps in SaaS offerings • Service Level Agreements (SLAs) • Shifts responsibility from UCI operations to contractual obligations • Requires someone at UCI to manage the service contract
OIT - Your SaaS Technology Partner • SaaS offerings range from very simple to very complex • They’re used to handle university business and data that range from very simple to very complex • OIT is prepared to offer a LONG list of related services to help on SaaS Projects • Everything I’m about to review is written here ... “OIT as Technology Partner with Campus Units for Vendor SaaS Offerings - Service Level Agreement (SLA)” https://wiki.oit.uci.edu/x/eAMLTw
OIT - Your SaaS Technology Partner OIT's level of involvement, responsibility and accountability will vary for any given SaaS project depending on the service’s complexity. Many items are not solely led by OIT and involve shared responsibility/involvement across the UCI Client, the SaaS vendor and OIT • Technology Partner and General IT Coordination • OIT Project intake, scoring, review and tracking • Active participant in pre-planning, planning, assessment, selection, implementation and coordination meetings • Availability of related OIT technologies/services/integrations • General advice and guidance regarding Information Technology services, products, concepts, principles and methodologies
OIT - Your SaaS Technology Partner • Solution Pre-Planning • Identify opportunities to be achieved or problems to be solved • Clarify of scope of business/service to be addressed • Coordination to ensure Client, vendor and OIT responsibilities are understood, appropriate and conducted in a sound manner • Includes gathering of functional requirements and business process analysis (current-state, future-state, transition) • Understand level of criticality to business operations for the solution • Determining a preferred implementation/delivery model • Privacy Impact Assessment • Data Inventory (what data will be used and why) • Data Classification (protection and availability levels)
OIT - Your SaaS Technology Partner • Technology Partner with RFI, RFP and/or Sole Source selection activities • Coordination with other UC locations using the same service (for references, recommendations, discounts) • Technology partner/advisor when vendors are building a new SaaS offering • Help ensure proper IT principles are used when vendors are contracted by the UCI Client to define, design and develop a new SaaS offering - including appropriate design/development methodologies, information security and SaaS model determinations
OIT - Your SaaS Technology Partner • Technology Assessment of SaaS Offerings • Understand the vendor’s technology platform to help guide assessment activities • Service availability (hours of service) and service monitoring • Accessibility per UC guidelines - including coordination of an initial "Accessibility and Security Review" and further accessibility reviews/activities as needed • Minimum user technology requirements (browsers, devices, etc.) • Shared tenancy or private cloud • Load balancing and performance monitoring • Service/Data Location (inside US-only? if outside US, need details) • Infrastructure and product upgrade/refresh model - availability of upgrade sandbox/test environments • Service monitoring (uptime, health, planned service outages, incident response for unplanned outages, appropriate client notifications)
OIT - Your SaaS Technology Partner • Technology Assessment of SaaS Offerings (continued) • Extent of available customer configuration • Availability of client-specific code/system customization (and model/costs for development/maintenance/support) • Integrations Assessment • Authentication, authorization, accounts, in-bound data feeds, out-bound data feeds, software APIs, etc. • Data retention/destruction • Service Resiliency • Disaster Recovery (model, configuration, processes, testing) • Clarify reporting capabilities and/or data integrations needed to support reporting using UCI infrastructure • Vendor use of other 3rd party infrastructure, licenses or services (including information security considerations, etc.)
OIT - Your SaaS Technology Partner • Information Security Risk Assessment • Utilize the Educause HECVAT (or HECVAT-Lite) security risk assessment tool in conjunction with UCI’s SRAQ • Support OIT's information security risk assessment process - including coordination of an initial "Accessibility and Security Review" and further security reviews/activities as needed • Coordination of Information Security Risk Assessment follow-up action items • Facilitate the vendor accepting the UC Data Security and Privacy Appendix (including the vendor information security plan) with any contracts or service agreements (also HIPAA and/or GDPR BAAs)
OIT - Your SaaS Technology Partner • Service Contract Negotiations (in collaboration with the client campus unit and UCI Procurement Services) • Ensure mutual understanding of contracting language/terminology and costs • Early termination, code ownership, intellectual property • Determine available and select desired licensing options (e.g. concurrent, seats, named, enterprise) • Determine needed environments (testing, production, etc.) and configurations • Negotiate appropriate Service Level Agreement (SLA) components and attributes • Vendor support expectations - and UC IT operations expectations (if any) • Support model and costs (how is support requested and managed? What are support limits and how are overages handled? Vendor-responsibility problems vs client-responsibility problems) • Support hours and after-hours support • Service monitoring
OIT - Your SaaS Technology Partner • Service Contract Negotiations (continued) • Ensure compliance with UC information security and privacy requirements - including acceptance the UC Data Security and Privacy Appendix (and adequacy of the required/accompanying vendor information security plan) • Ensure specification and compliance with data ownership and data preservation requirements • Ensure UCI responsibilities for paying for subscriptions/services is clearly understood and appropriate
OIT - Your SaaS Technology Partner • Vendor Professional Services for Implementation • Serve as UCI technical partner during implementation - facilitate coordination with other OIT teams as needed • Help ensure scope of work is clearly and appropriately defined • Help ensure product configuration is handled effectively and maps to requirements • Ensure there’s effective environment planning and execution • Ensure there’s adequate change control and promotion of configurations/data across environments • Ensure adequate planning for production support (vendor and campus) • Help coordinate any transition activities if there’s an existing related service/data • Provide UCI technical review and sign-off on vendor deliverables as the implementation progresses
OIT - Your SaaS Technology Partner • OIT IT Service Integration • Review vendor integration points, options and frameworks including: • Authentication services, directory services, simple data interfaces, smtp email service, personnel, financials, etc. • Support the implementation of related integrations, representing/coordinating UCI's side of those integrations and potentially developing/configuring the client-side of UCI-owned integration services • Coordinate SSL and any other related security certificates if required
OIT - Your SaaS Technology Partner • Client-side Production Technical Support for Operational SaaS Offerings • Serve as UCI technical contact for UCI Clients and SaaS vendors for operational SaaS offerings being used under active subscriptions/service-contracts • Provide technical support for integrations with standard and custom UCI-owned services • Help ensure user and support requests from UCI Clients and users are properly triaged and routed following appropriate vendor SLA and OIT support agreements